I set up my private Gitlab server. It works fine and when I enter my IP I can access it. I do not have a custom domain and I also do not want one since I don't want to make the server accessible from the outside.
Most of the guides only show how to set up https with Let's Encrypt for which - as far as I can tell - I need to be in control of a domain and configure an A record for it. That's not really an option.
Some rare other guides show me how to create my self signed certificates to use it with GL (using Open ssl). My problem with that is that browsers will still tell me that the connection is insecure and treat self-signed certs as http and not https. So whtat's the sense of doing it in the first place.
So that leaves me with my question: Is there a way to set up https without a custom domain but with a real certificate (best without buying it). Or is that not even possible? If it is possible how could I start to configure my GL intance?
I was thinking maybe using cloudflare could help? I am not sure though.
Thanks very much in advance for help, hints and tipps. Very much appreciated.
This is not possible. A couple of observations -
A self signed cert is not useless. You need to ensure that cert is accepted for your domain by your computers and its quite secure. Alternatively you can go all the way and create your own CA, add your CA cert to your devices and have multiple certs.
A (browser trusted) CA will not let you sign a cert for a domain you don't control - to do that would risk their entire business.
You can have a Domain name for a site not publicly accessible - you may not be able to get a letsencrypt cert for it though, but a paid cert that will use email validation, combined with a valid subdomain you control is possible - even if the underlying IP is not globally reachable.